4 Replies Latest reply on Oct 4, 2017 5:41 AM by jParnell

    Deleting a registry key during provisioning is proving to be impossible

    jParnell Specialist

      OK, so here's the long story short. I am attempting to remove a registry value from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}. The value in question is "NoMachinePolicy"

       

      So far, I have tried:

       

      1. LANDesk's built-in task Update Registry.
        1. It fails with status -2147477501 and doesn't even write to the handler log file in C:\ldprovisioning
      2. Building a batch file and using Execute File to target the batch file
        1. Batch file contents: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}" /v NoMachinePolicy /f
        2. Results: ERROR: The system was unable to find the specified registry key or value.
        3. Manually running the batch script as admin executes as expected
      3. Building a VBS script and using execute file to target cscript, with the script path as the parameter
        1. script contents at the bottom
        2. The script runs and does not generate an error, but the value is still present
        3. Manually targeting cscript and the VBS script as the parameter from an elevated CMD window executes as expected

       

      Seriously, what does a guy have to do in order to delete a registry value out of HKLM?

       

      OS: Windows 10 Enterprise 64 bit 1703. LDMS 2016.3

       

      VBS contents:

       

      strValueName = "NoMachinePolicy"
      strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"
      strComputer = "."

      Const HKEY_LOCAL_MACHINE = &H80000002

      ' StdRegProv is the WMI registry provider
      Set objRegistry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
      Set objShell = CreateObject("WScript.Shell")

      ' Delete the value, then enable the built-in Administrator account
      objRegistry.DeleteValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName
      objShell.Run "Net User Administrator /Active:Yes", 0, True

        • 1. Re: Deleting a registry key during provisioning is proving to be impossible
          phoffmann SupportEmployee

          Does any of this help?

           

          • Given that you (well - we / the agent) are running in "LOCAL SYSTEM" context ... have you tried pointing towards HKCU instead? ("Local System"'s HKCU == HKLM ... usually more of a headache but in this case, may help you).

           

          • Find out why your action(s) fail. Use PROCMON (from SysInternals) to trace the registry (maybe a permissions issue?) activity & see where / why you can't delete it.
          • For added logging on provisioning, enable XTrace - that may give you more insight as well potentially -- How to enable Xtrace Diagnostic Logging.

           

          I'd probably attack things with ProcMon myself to begin with. First question I always ask is "where / why do I fail?" ... that's usually how I find out that somewhere along the tree, someone/something removed any & all registry permissions or whatnot (god knows how that happens, but I do keep on seeing it every few years).

           

          Hope that helps.

          • 2. Re: Deleting a registry key during provisioning is proving to be impossible
            jParnell Specialist

            I found a method of implementation to accomplish what I needed (details below). I think the issue is that LANDesk's handlers force 32-bit everything, so while I was pointing it to HKLM\SOFTWARE\Microsoft, it was actually looking in HKLM\SOFTWARE\WOW6432Node\Microsoft. That would explain why the batch and VBS scripts were working when they were run from an elevated command prompt, but not from the ExecuteFileHandler. It still does not explain why the Update Registry item failed (and failed to log why it failed), but seeing as how we're retiring our 2016.3 server this week for a shiny new 2017.3 server, I don't think this is worth troubleshooting unless the same symptoms persist when we go live with that. Normally, I'd like to troubleshoot further, but this just happened to be an issue that needed to be fixed in as little time as possible.

             

            My solution was to create a lightweight C# console app that made the necessary registry changes. Code below. When I first built it, it was failing just as marvelously, which was a bewilderment. It wasn't until I went into the project properties and unchecked "Prefer 32-bit" in the build settings (while still targeting Any CPU) that I was able to successfully run the app. The best part is it even works in Provisioning templates.

             

            If there's any interest in the community, I can expand on this to take parameters so that the registry can be legitimately manipulated in 64 bit deployments, though frankly if this hasn't been brought up before, it doesn't seem likely that many people manipulate the registry all that much in Provisioning.

             

            Code for the C# app:

             

            using Microsoft.Win32;
            using System;

            namespace RestoreMachinePolicy
            {
                class Program
                {
                    static void Main(string[] args)
                    {
                        RemoveValue();
                    }

                    public static void RemoveValue()
                    {
                        string keyName = @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}";
                        string value = "NoMachinePolicy";

                        // Opens the key writable, in the registry view that matches the process bitness.
                        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(keyName, true))
                        {
                            // OpenSubKey returns null when the key does not exist in this view.
                            if (key == null)
                            {
                                Console.WriteLine("Key not found: " + keyName);
                                return;
                            }

                            Console.WriteLine("Removing " + key.ToString() + " value: NoMachinePolicy");
                            try
                            {
                                // Throws if the value is missing or access is denied.
                                key.DeleteValue(value);
                                Console.WriteLine("Value removed successfully");
                            }
                            catch (Exception ex)
                            {
                                Console.WriteLine("An error occurred while removing the key:");
                                Console.WriteLine(ex.ToString());
                            }
                        }
                    }
                }
            }
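
Added example, not part of jParnell's post or of LANDesk's tooling: a variant that does not depend on the build's "Prefer 32-bit" setting, because it opens HKLM through an explicit registry view with RegistryKey.OpenBaseKey (.NET Framework 4.0 or later). It logs which view holds the value, deletes from the 64-bit view, and returns a non-zero exit code on failure; the class and method names are illustrative.

```csharp
// Added example: class and method names are illustrative, not from the thread.
using Microsoft.Win32;
using System;

class RegistryViewExample
{
    // Key and value taken from the thread above.
    const string KeyPath = @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}";
    const string ValueName = "NoMachinePolicy";

    static int Main()
    {
        Console.WriteLine("64-bit OS: {0}, 64-bit process: {1}", Environment.Is64BitOperatingSystem, Environment.Is64BitProcess);

        // Log what each view contains so the provisioning log shows where the value lives.
        foreach (RegistryView view in new[] { RegistryView.Registry64, RegistryView.Registry32 })
            Console.WriteLine("{0}: value present = {1}", view, ValueExists(view));

        return DeleteValue(RegistryView.Registry64) ? 0 : 1;
    }

    static bool ValueExists(RegistryView view)
    {
        using (RegistryKey hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, view))
        using (RegistryKey key = hklm.OpenSubKey(KeyPath, false))
        {
            return key != null && key.GetValue(ValueName) != null;
        }
    }

    static bool DeleteValue(RegistryView view)
    {
        try
        {
            using (RegistryKey hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, view))
            using (RegistryKey key = hklm.OpenSubKey(KeyPath, true))
            {
                if (key == null) { Console.WriteLine("Key not found in {0}", view); return false; }
                key.DeleteValue(ValueName, false);       // false: no exception if already absent
                return key.GetValue(ValueName) == null;  // verify the result instead of assuming it
            }
        }
        catch (Exception ex) // e.g. SecurityException or UnauthorizedAccessException from the key's ACL
        {
            Console.WriteLine("Delete failed in {0}: {1}", view, ex.Message);
            return false;
        }
    }
}
```

On a 32-bit OS a request for the 64-bit view returns the 32-bit view, so the same binary can be used on both.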

            • 3. Re: Deleting a registry key during provisioning is proving to be impossible
              phoffmann SupportEmployee

              Hmm - might've defaulted to 32-bit running mode. If you call the reg-change via a batch, you can force that to run as 64-bit mode on 64-bit systems. That may help in the future.

               

              Appreciate you putting the time into explaining what happened & why - that's always useful for other people to verify whether they have / don't have the same issue.

               

              All the best with the new 2017.3 Core when it's up.

              • 4. Re: Deleting a registry key during provisioning is proving to be impossible
                jParnell Specialist

                Good point - I never even thought to try calling %SystemRoot%\Sysnative\cmd.exe /c. I'll have to keep that in mind for next time.